Subject: dbdimp.c null pointer dereference in dbd_pg_fetch
pg_type_data is allowed to return NULL but a subsequent dereference does not take that into account. Fetching unhandled types like arrays causes a segfault.
diff -u DBD-Pg-1.31/dbdimp.c DBD-Pg-1.32/dbdimp.c
--- DBD-Pg-1.31/dbdimp.c 2003-10-27 13:57:02.000000000 -0600
+++ DBD-Pg-1.32/dbdimp.c 2004-01-02 20:43:51.000000000 -0600
@@ -1028,7 +1028,9 @@
pg_type = PQftype(imp_sth->result, i);
type_info = pg_type_data(pg_type);
-
+ if (dbis->debug >= 2)
+ PerlIO_printf(DBILOGFP, "pg_type %d type_info %d\n", pg_type, type_info == NULL);
+
if (type_info)
type_info->dequote(value, &value_len); /* dequote in place */
else
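Review bot: The new debug line prints the result of `type_info == NULL` under the label `type_info`, so a 1 in the trace means the lookup failed, which is easy to misread. `PQftype` returns an `Oid`, which libpq defines as unsigned, so if `pg_type` is declared as `Oid` (its declaration is outside the hunk) `%d` is the wrong specifier. I would write `PerlIO_printf(DBILOGFP, "pg_type %u type_info %s\n", (unsigned int)pg_type, type_info ? "found" : "NULL");`.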
@@ -1036,7 +1038,7 @@
sv_setpvn(sv, value, value_len);
- if ((type_info->type_id == BPCHAROID) && chopblanks) {
+ if (type_info && (type_info->type_id == BPCHAROID) && chopblanks) {
p = SvEND(sv);
len = SvCUR(sv);
while(len && *--p == ' ')
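Review bot: The added `type_info &&` guard on the `BPCHAROID` test closes the crash, but nothing at the call site records that `pg_type_data` may return NULL, so a later dereference added to this function can reintroduce it. I would add a comment above the lookup such as `/* pg_type_data() returns NULL for types it does not handle (e.g. arrays); every use of type_info below must check for it */`. The column type comes from the server result, so this path is reachable from ordinary query data; a regression test that fetches an array column would pin the fix. Other callers of `pg_type_data` are not visible here and presumably need the same check. The `while` loop's body continues outside the hunk.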